<?php
if (!defined('CURRENT_PATH')){
	die('Hacking attempt');
	}
if($_REQUEST['act']&&$_REQUEST['act']=='save'){
	//dump($this->spArgs());
	if($this->spArgs(Pass)!=null&&$this->spArgs(NewPass)==$this->spArgs(ReNewPass)&&strlen($this->spArgs(NewPass))>=6){
	if($this->spArgs(Pass)==$this->spArgs(ReNewPass)){
		$msg='您输入的旧密码与新密码相同！';
	}else{
		$PassEdit=spClass(manage);
		$P=$PassEdit->find($conditions=array('id'=>$_SESSION['id']),'',$fields='password');
		$sigPassword=$P[password];
		import(CURRENT_PATH.'/lib/class-phpass.php');
		$hasher = new PasswordHash(8, TRUE);
		$PassChk=$hasher->CheckPassword($this->spArgs(Pass),$sigPassword);
		if($PassChk){//通过密码验证
			$newPass= $hasher->HashPassword($this->spArgs(NewPass));
			$PassEdit->update($conditions=array('id'=>$_SESSION['id']),$row=array('password'=>$newPass));
			$msg='恭喜密码更改成功，请牢记您的新密码！';
			$this->success($msg,$url='./index.php?c=admin&a=logout');
			die;
		}else{
			$msg='旧密码输入有误!';
		}
	}
		$this->error($msg);
	}else{
		if($this->spArgs(Pass)==null){
			$msg='请填写旧密码!';
		}else if(strlen($this->spArgs(NewPass))<6){
			$msg='新密码长度不得小于6!';		
		}else{
			$msg='两次输入的密码不相同!';
		}
		$this->error($msg);
		}
}else{
	$this->display('management/passchange.html');
}	